This project is currently maintained on the main branch only.

If you discover a security issue, please report it privately first.

Preferred channels:

1. Open a private security advisory in GitHub (if enabled).
2. If private advisory is not available, open an issue with minimal details and request a private follow-up from maintainers.

Please include:

• A clear description of the vulnerability
• Affected files/endpoints/flows
• Reproduction steps or proof of concept
• Potential impact
• Suggested remediation (if available)

• Initial triage target: within 3 business days
• Status update target: within 7 business days
• Fix timeline depends on severity and release constraints

We will coordinate disclosure timing after remediation is available.